/// <summary>
/// Intentionally flawed test case: the possibly-null value returned by
/// getStringBuilderBad() is copied through <c>dataCopy</c> into a second scope
/// and dereferenced there without a null check. The two nested blocks are the
/// data-flow shape under test; keep them as written.
/// </summary>
public override void Bad()
{
    StringBuilder dataCopy;
    {
        StringBuilder data;
        /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
        data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
        // Hand the value across scopes via the outer local so the sink below
        // works on a copy rather than the original variable.
        dataCopy = data;
    }
    {
        StringBuilder data = dataCopy;
        /* POTENTIAL FLAW: data could be null */
        // data.ToString() is an instance call; it throws NullReferenceException when data is null.
        string stringTrimmed = data.ToString().Trim();
        IO.WriteLine(stringTrimmed);
    }
}
/* goodB2G() - use badsource and goodsink*/
/// <summary>
/// Good variant (bad source, good sink): the value from getStringBuilderBad()
/// may be null, but the sink only dereferences it after an explicit null check.
/// </summary>
private void GoodB2G()
{
    StringBuilder data;
    /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
    data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    // Loop bounds (0 .. <1) mean the body runs exactly once; the loop exists
    // only to place the sink inside a loop body.
    for (int k = 0; k < 1; k++)
    {
        /* FIX: explicit check for null */
        if (data != null)
        {
            string stringTrimmed = data.ToString().Trim();
            IO.WriteLine(stringTrimmed);
        }
    }
}
/// <summary>
/// Intentionally flawed test case: the possibly-null value returned by
/// getStringBuilderBad() is dereferenced inside a single-iteration loop with
/// no null check.
/// </summary>
public override void Bad()
{
    StringBuilder data;
    /* We need to have one source outside of a for loop in order
     * to prevent the compiler from generating an error because
     * data is uninitialized */
    /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
    data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    // Loop bounds (0 .. <1) mean the body runs exactly once.
    for (int j = 0; j < 1; j++)
    {
        /* POTENTIAL FLAW: data could be null */
        // data.ToString() is an instance call; it throws NullReferenceException when data is null.
        string stringTrimmed = data.ToString().Trim();
        IO.WriteLine(stringTrimmed);
    }
}
/// <summary>
/// Intentionally flawed test case: when <c>IO.staticFive == 5</c> the value
/// from getStringBuilderBad() (which may be null) is dereferenced without a
/// null check. The else branch only exists so that <c>data</c> is definitely
/// assigned before the sink.
/// </summary>
public override void Bad()
{
    StringBuilder data;
    if (IO.staticFive == 5)
    {
        /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
        data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    }
    else
    {
        /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
         * but ensure data is inititialized before the Sink to avoid compiler errors */
        data = null;
    }
    // Same condition as the source above, so the sink only runs for the
    // value produced by getStringBuilderBad().
    if (IO.staticFive == 5)
    {
        /* POTENTIAL FLAW: data could be null */
        // data.ToString() is an instance call; it throws NullReferenceException when data is null.
        string stringTrimmed = data.ToString().Trim();
        IO.WriteLine(stringTrimmed);
    }
}
/* goodB2G() - use BadSource and GoodSink */
/// <summary>
/// Good variant (bad source, good sink): the possibly-null value from
/// getStringBuilderBad() is serialized with BinaryFormatter and passed as a
/// byte array to the GoodB2GSink of the paired 75b class, which is expected to
/// do the null check (the sink is not visible in this file).
/// </summary>
private static void GoodB2G()
{
    StringBuilder data;
    /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
    data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    /* serialize data to a byte array */
    byte[] dataSerialized = null;
    try
    {
        // NOTE(review): BinaryFormatter is obsolete in modern .NET and should not be used
        // on untrusted data; it is presumably kept here only because the paired 75b sink
        // deserializes this exact format — confirm before changing.
        BinaryFormatter bf = new BinaryFormatter();
        using (var ms = new MemoryStream())
        {
            // NOTE(review): if data is null, Serialize appears to throw ArgumentNullException
            // rather than SerializationException, so the catch below would not cover it — verify.
            bf.Serialize(ms, data);
            dataSerialized = ms.ToArray();
        }
        CWE690_NULL_Deref_From_Return__Class_StringBuilder_75b.GoodB2GSink(dataSerialized);
    }
    catch (SerializationException exceptSerialize)
    {
        IO.Logger.Log(NLog.LogLevel.Warn, "Serialization exception in serialization", exceptSerialize);
    }
}
/* goodB2G() - use badsource and goodsink */
/// <summary>
/// Good variant (bad source, good sink): stores the possibly-null value from
/// getStringBuilderBad() in <c>data</c> and calls the GoodB2GSink of the paired
/// 68b class. <c>data</c> is not declared in this method, so it is a field
/// declared elsewhere; presumably the sink reads that same field — confirm.
/// </summary>
private static void GoodB2G()
{
    /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
    data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    CWE690_NULL_Deref_From_Return__Class_StringBuilder_68b.GoodB2GSink();
}
/// <summary>
/// Intentionally flawed test case: stores the possibly-null value from
/// getStringBuilderBad() in <c>data</c> and calls the BadSink of the paired
/// 68b class. <c>data</c> is not declared in this method, so it is a field
/// declared elsewhere; presumably the sink dereferences that same field
/// without a null check — confirm.
/// </summary>
public override void Bad()
{
    /* POTENTIAL FLAW: Call getStringBuilderBad(), which may return null */
    data = CWE690_NULL_Deref_From_Return__Class_Helper.getStringBuilderBad();
    CWE690_NULL_Deref_From_Return__Class_StringBuilder_68b.BadSink();
}